CVE-2023-43667 – org.apache.inlong:inlong
Package
Manager: maven
Name: org.apache.inlong:inlong
Vulnerable Version: >=1.4.0 <1.8.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00909 (percentile: 0.74915)
Details
SQL Injection in Apache InLong

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.8.0. The attacker can create misleading or false records, making it harder to audit and trace malicious activities. Users are advised to upgrade to Apache InLong 1.8.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/8628
Metadata
Created: 2023-10-16T09:30:19Z
Modified: 2024-09-27T19:23:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-fpcf-qr79-hjqp/GHSA-fpcf-qr79-hjqp.json
CWE IDs: ["CWE-74", "CWE-89"]
Alternative ID: GHSA-fpcf-qr79-hjqp
Finding: F106
Auto approve: 1